General

  • Target: b7e27567f201a840d0f9c12cf0a2d734
  • Size: 264KB
  • Sample: 240306-t8necacg36
  • MD5: b7e27567f201a840d0f9c12cf0a2d734
  • SHA1: 1bc2fd9116bffab627b0ea37ff0bb7c49726b9a5
  • SHA256: eedbfa19e0dea5bf1cb8ddd108ecc4ddc8a67481fafa759e588da3125228992e
  • SHA512: 30b0f5c7297e83c0ebeef938eea9edc18cc7149d1aef6a1eaa16c83d0f03167bd9fe8bb3a1f21a614af81c589e82a505a3f9d4e98934c7d452bec95eab205aac
  • SSDEEP: 6144:MuT4E4r0VSSzM/pGewA8JSc1G3PKArAdld/6Vl/J5FA:H4rESSzMvwAiSWmPYP16Vl/x

Malware Config

Extracted

Family

smokeloader

Version

2020

C2


rc4.i32

Targets

    • SmokeLoader: Modular backdoor trojan in use since 2014.
    • Deletes itself
    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks